The Department of Health and Human Services (HHS) is warning about a new strain of ransomware affecting the health care sector.
Petya ransomware, part of the GoldenEye ransomware family, spread through an auto-update to MeDocs, Ukrainian accounting software. This strain is unique because the virus is capable of self-replication.
To respond to this threat, the National Health Information Sharing and Analysis Center has tested a “vaccine file” or killswitch to prevent the infection from spreading. In addition, HHS encourages users to install the latest Microsoft security patches, use a reliable antivirus program, subscribe to the Critical Infrastructure Program email newsletter, and follow the United States Computer Emergency Readiness Team (US-CERT) for updates.
Meanwhile, HHS directs victims of a ransomware attack to:
- consult the FBI Field Office Cyber Task Force or U.S. Secret Service Electronic Crimes Task Force to report the incident and request assistance;
- report the incident to US-CERT and FBI Internet Crime Complaint Center;
- call the Food and Drug Administration’s 24/7 emergency line at 1.866.300.4374 if the attack affects medical devices; and
- share indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center at HCCIC@hhs.gov.
America’s Essential Hospitals has established a resource page dedicated to cybersecurity threats. Visit this page regularly for new and updated information.
Contact Director of Policy Erin O’Malley at email@example.com or 202.585.0127 with questions.